problem setting up ssh-krb5 from Debian Sarge

Christopher D. Clausen cclausen at uiuc.edu
Tue Nov 2 01:21:02 EST 2004


Wes Chow wrote:
>> Well, check your /etc/hosts file.  I believe that Debian puts the
>> hostname on the 127.0.0.1 line.  This is not good.
>
> Yeah I saw other postings about that, so I fixed it...
>
>> You have libpam-openafs-session installed.  Are you using it as a
>> session module also?
>> session    required     pam_openafs_session.so
>
> I tried putting that line in /etc/pam.d/common-session and now I'm
> getting this in auth.log:
>
> Oct 30 01:09:18 jack sshd[529]: Authorized to wchow, krb5 principal
> wchow at D2702.
> ATHENACR.COM (krb5_kuserok)
> Oct 30 01:09:18 jack sshd[529]: pam_openafs-krb5: open_session: Could
> not find K
> erberos tickets; not running aklog
> Oct 30 01:09:18 jack sshd[529]: (pam_unix) session opened for user
> wchow by (uid
> =0)
> Oct 30 01:09:18 jack sshd[529]: Accepted gssapi for wchow from
> 192.168.0.16 port
> 33003 ssh2

I assume that you have "UsePrivilegeSeparation no" in your sshd_config 
file? as having this set to yes seems to cause the behaviour that you 
describe with not getting AFS tokens at login.

<<CDC
Christopher D. Clausen
ACM at UIUC SysAdmin 



More information about the Kerberos mailing list